Bugtraq mailing list archives
Re: MacOS X SoftwareUpdate Vulnerability
From: Julian Suschlik <julian.suschlik () gmx net>
Date: Mon, 8 Jul 2002 16:42:21 +0200
Hi, Am Sonntag den, 7. Juli 2002, um 06:21, schrieb Russell Harding:
----------------------------------------------------------------------------
MacOS X SoftwareUpdate Vulnerability.
----------------------------------------------------------------------------
Date: July 6, 2002
Version: MacOS 10.1.X and possibly 10.0.X
Problem: MacOS X SoftwareUpdate connects to the SoftwareUpdate Server via
HTTP with no authentication, leaving it vulnerable to attack.
[...]
Solution/Patch/Workaround:
[...] A possible workaround: System Preferences -> Software Update -> Update Software: [x] Manually DonĀ“t touch the "Update Now"-Button! Look for updates on http://www.info.apple.com/support/downloads.html Use trusted networks or http-to-mail gateway to get the files. HTH, Julian
Current thread:
- MacOS X SoftwareUpdate Vulnerability Russell Harding (Jul 07)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Kurt Seifried (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Corey J. Steele (Jul 11)
- Re: MacOS X SoftwareUpdate Vulnerability gabriel rosenkoetter (Jul 12)
- <Possible follow-ups>
- RE: MacOS X SoftwareUpdate Vulnerability jaehnel (Jul 13)
- RE: MacOS X SoftwareUpdate Vulnerability Hundley, Gordon - Princeton (Jul 15)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)